cybersecurity
Cloud Security Hardening
Protect business Critical Systems
How to identify Cloud risks?
Any cybersecurity hardening phase begins with an audit phase. We have developed cloud security audit processes for the following environments:
- Microsoft 365
- Google Workspace
- Google Cloud Platform
- Microsoft Azure
- AWS
- Oracle Cloud Infrastructure – OCI
For each environment, we would need a restricted Global Reader access which will allow us to audit several elements that may constitute risks of vulnerabilities. Each element is classified by a level of severity.
This audit results in a report detailing the risks by severity and an action plan for hardening the configurations of the Cloud environment.
What system can be hardened?
We believe that Cloud is more secure than other environments because it relies on a strong underlying infrastructure which is more secure than most of the on premise environments built in the enterprise. Furthermore, cloud environments incorporate all the necessary security technologies in order to operate safely and securely.
It is the cloud provider’s responsibility to secure the underlying infrastructure (data center, network, hardware & hypervisor), however it is the client’s responsibility to secure the environment he is leasing.
In this shared responsibility model, the responsibility is devided between the client and the cloud provider, the following illustration explains it in more details for three types of services (IAAS, PAAS & SAAS)
The Shared Responsibility Model
How does EXEO secures those systems?
Part of the Cybersecurity services EXEO provides is to harden the client environment in order to maximize the security of the hosted services and minimize the possibility of threats.
Based on these industry leading security recommendations, we maintain predefined checklists of controls and have developed our own standard operating procedures in order to perform the security hardening
Hardening the environment also makes monitoring more effective at detecting threats, by focusing on the incidents that require attention. If you would like to know more about how we help our clients stay secure, you can also check our managed security service page.
Through 2025, 99% of cloud security failures will be the customer’s fault.
Is the Cloud Secure
Systems that we harden
Cloud Security Hardening Services
Cloud Productivity Suites
- Accounts security
- Email Deliverability, Spoofing protection
- Logs and alerts
- Sharing policies
- Data leakage
- Accounts security
- Email Deliverability, Spoofing protection
- Threat Protection
Cloud Platforms
- Identity & Access Management (IAM)
- Security Center
- Storage Accounts
- Database Services
- Logging & Monitoring
- Networking
- Virtual Machines
- Appservice
- Identity & Access Management (IAM)
- Logging & Monitoring
- Networking
- Virtual Machines
- Storage
- Cloud SQL Database Services
- BigQuery
- Identity and Access Management
- Networking
- Logging & Monitoring
- Storage
- Infrastructure Container Engine for Kubernetes (OKE)
500 security controls.
300 security controls
Database Platforms
- Surface area reduction
- Authentication & Authorization
- Password Policies
- Auditing & Logging
- Application Development
- Encryption
- Operating System Level Configuration
- Installation and Planning
- File System Permissions
- MySQL Permissions
- Auditing and Logging
- Authentication
Network - Replication
- Installation and Patches
- Directory and File Permissions
- Logging Monitoring And Auditing
- User Access and Authorization
- Connection and Login
- PostgreSQL Settings
- Replication
- Special Configuration Considerations
Cloud Hardening : 5 tips to Secure the Cloud
Cloud Hardening limits the vulnerability of the cloud to attacks. It involves specific rules regarding system configuration and a set of good practices.
Cloud Security Hardening FAQ
Hardening limits the vulnerability of the cloud to attacks. It involves specific rules regarding system configuration. Without forgetting a set of good practices.
For the past ten years, companies have been migrating their IT systems to the cloud. 93% of them now use it (Microsoft).
In the face of attacks, the cloud is not infallible. The massive use of telework has weakened the IT security of organizations. In 2020, at the height of the pandemic, 47% of businesses saw an increase in cyberattacks (Thales).
Users are 99% responsible for cloud cybersecurity breaches (Gartner). Adopting a “Cloud Hardening” approach helps create a secure computing environment.
The hardening exercise consists of reducing unused functionalities and closing unnecessary access.
It is therefore essential to carefully study the use of the services before applying the hardening configurations. If the study was not exhaustive upstream of the hardening mission, it is possible that the configurations affect functional services and interrupt them.
The hardening exercise should be prepared and performed with great care.
Cloud functionalities increased on a regular basis. In order to properly cover the entire scope of hardening, we have compiled a methodology based on the following three recommendations:
- Those of the manufacturer by following all the functionalities
- Those of the Center for Internet Security
- The Cloud Security Alliance’s Cloud Control Matrix
Exeo supports its customers in the hardening process.
- We will first do an audit of the systems to be hardened;
- Provide a report indicating the controls to be tightened;
- Obtain the Customer’s agreement for each control;
- Implement hardening;
- Monitor the cloud to detect potential threats.
